[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#398460: CVE-2006-5397: libX11 XCOMPOSEFILE File Descriptor Leak



Package: libx11-6
Version: 2:1.0.3-2
Severity: important
Tags: security


A vulnerability has been found in libx11:
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment variable
via the duplicate file descriptor.

See
https://bugs.freedesktop.org/show_bug.cgi?id=8699

Please mention the CVE id in the changelog.



Reply to: